コード例 #1
def test_expired_token():
    """Check that introspection rejects a token after it has been expired.

    A provider grants consumer access to a fresh resource group, the
    consumer obtains a token for it, and the resource server introspects
    that token successfully. The token is then expired through
    expire_token() and the same introspection call must fail with
    status 403.
    """
    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg())
    grant = provider.provider_access([{
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["complex", "subscription", "temporal"],
    }])
    assert grant['success'] == True
    assert grant['status_code'] == 200

    issued = consumer.get_token({'request': [resource_id]})
    assert issued['success'] is True
    assert issued['status_code'] == 200
    token = issued['response']['token']

    # Baseline: the token is accepted while it is still live.
    live = resource_server.introspect_token(token)
    assert live['success'] is True
    assert live['status_code'] == 200
    assert len(live['response']['request']) == 1

    # expire_token() is keyed on the fourth '/'-separated field of the token.
    token_uuid = token.split("/")[3]
    assert expire_token(token_uuid) is True

    # The identical token string must no longer introspect.
    expired = resource_server.introspect_token(token)
    assert expired['success'] is False
    assert expired['status_code'] == 403
コード例 #2
def test_invalid_token():
    """Check that malformed token strings are rejected with status 400.

    Every literal below has four '/'-separated fields and differs from the
    others in one of them, so each case targets one field of the token.
    NOTE(review): '[email protected]' looks like a redaction placeholder left
    by the page this listing came from; it is kept verbatim.
    """
    malformed_tokens = (
        # First field is 'auth.iudx.io'; the other cases use 'auth.iudx.org.in'.
        'auth.iudx.io/[email protected]/e7444fab9a74ffb6da795a69c0eeb3b5/4238265a-611f-41c0-813a-6e16cf8cc228',
        # Second field contains the characters '#)(' before the '@'.
        'auth.iudx.org.in/xy#)(@datakaveri.org/e7444fab9a74ffb6da795a69c0eeb3b5/4238265a-611f-41c0-813a-6e16cf8cc228',
        # Third field starts 'eAZZ' where the other cases start 'e7444'.
        'auth.iudx.org.in/[email protected]/eAZZfab9a74ffb6da795a69c0eeb3b5/4238265a-611f-41c0-813a-6e16cf8cc228',
        # Fourth field is missing the hyphen between '4238265a' and '611f'.
        'auth.iudx.org.in/[email protected]/e7444fab9a74ffb6da795a69c0eeb3b5/4238265a611f-41c0-813a-6e16cf8cc228',
        # Fourth field has 'z11f' where the other cases have '611f'.
        'auth.iudx.org.in/[email protected]/e7444fab9a74ffb6da795a69c0eeb3b5/4238265a-z11f-41c0-813a-6e16cf8cc228',
    )

    for candidate in malformed_tokens:
        outcome = resource_server.introspect_token(candidate)
        assert outcome['success'] is False
        assert outcome['status_code'] == 400
コード例 #3
def test_valid_token():
    """Check the introspection response for a freshly issued, valid token.

    After the provider grants three consumer capabilities on a new resource
    group and the consumer fetches a token, introspection must succeed and
    report the consumer taken from the token's second field, the resource
    group id with a '/*' suffix, and more than one API.
    """
    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg())
    grant = provider.provider_access([{
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["complex", "subscription", "temporal"],
    }])
    assert grant['success'] == True
    assert grant['status_code'] == 200

    issued = consumer.get_token({'request': [resource_id]})
    assert issued['success'] is True
    assert issued['status_code'] == 200

    token = issued['response']['token']
    introspected = resource_server.introspect_token(token)
    assert introspected['success'] is True
    assert introspected['status_code'] == 200

    details = introspected['response']
    first_entry = details['request'][0]
    # The consumer reported by the server must match the one embedded in
    # the token itself.
    assert details['consumer'] == token.split('/')[1]
    # A resource-group grant is reported as a wildcard over the group.
    assert first_entry['id'] == resource_id + '/*'
    assert len(first_entry['apis']) > 1
コード例 #4
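def test_different_items():
    """Check introspection of a token requested for a group and two items.

    The consumer asks for the resource group itself plus two item paths
    below it. Introspection must return exactly three entries: the group
    as a '/*' wildcard and the two item ids unchanged.
    """
    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg())
    access_req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["complex", "subscription", "temporal"]
    }
    r = provider.provider_access([access_req])
    # The grant result was previously ignored; check it as the sibling tests
    # do, so that a failed setup is reported here and not as a token error.
    assert r['success'] is True
    assert r['status_code'] == 200

    item_1 = resource_id + "/item-1"
    item_2 = resource_id + "/item-2/item-3"
    r = consumer.get_token({'request': [resource_id, item_1, item_2]})
    assert r['success'] is True
    assert r['status_code'] == 200
    token = r['response']['token']

    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200

    granted = r['response']['request']
    assert len(granted) == 3
    # Compare as a set: a length check plus per-entry membership would also
    # accept a response that repeats one id and omits another.
    assert {entry['id'] for entry in granted} == {
        resource_id + '/*', item_1, item_2
    }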
コード例 #5
def test_ingester_rs():
    """Check the APIs granted to a 'data ingester' on the resource server.

    For every entry under caps['rs.iudx.io']['data ingester'] in
    ../capabilities.json, a fresh resource group is granted to the data
    ingester role (no capabilities are passed), a token is issued, and the
    introspected API set must equal that entry's API list exactly.
    """
    with open('../capabilities.json') as caps_file:
        caps = json.load(caps_file)
        ingester_caps = caps['rs.iudx.io']['data ingester']
        for _cap_name, expected_apis in ingester_caps.items():
            resource_id = (
                "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
                + rand_rsg())
            grant = provider.provider_access([{
                "user_email": email,
                "user_role": 'data ingester',
                "item_id": resource_id,
                "item_type": "resourcegroup",
            }])
            assert grant['success'] == True
            assert grant['status_code'] == 200

            issued = consumer.get_token({'request': [resource_id]})
            assert issued['success'] is True
            assert issued['status_code'] == 200

            token = issued['response']['token']
            introspected = resource_server.introspect_token(token)
            assert introspected['success'] is True
            assert introspected['status_code'] == 200

            granted = introspected['response']['request']
            assert len(granted) == 1
            assert granted[0]['id'] == resource_id + '/*'
            # Exact equality: no API beyond the configured ones may appear.
            assert set(granted[0]['apis']) == set(expected_apis)
コード例 #6
def test_token_belonging_diff_server():
    """Check that a token is only accepted by the server it was issued for.

    The resource group here lives under 'file.iudx.io'. The resulting token
    must be refused (403) when resource_server introspects it and accepted
    when file_server does.
    """
    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/file.iudx.io/"
        + rand_rsg())
    grant = provider.provider_access([{
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["download"],
    }])
    assert grant['success'] == True
    assert grant['status_code'] == 200

    issued = consumer.get_token({'request': [resource_id]})
    assert issued['success'] is True
    assert issued['status_code'] == 200
    token = issued['response']['token']

    # A server other than the one named in the resource id must reject it.
    wrong_server = resource_server.introspect_token(token)
    assert wrong_server['success'] is False
    assert wrong_server['status_code'] == 403

    right_server = file_server.introspect_token(token)
    assert right_server['success'] is True
    assert right_server['status_code'] == 200
    assert len(right_server['response']['request']) == 1
コード例 #7
def test_consumer_ingester_same_resource():
    """Check the API set when one user is both consumer and data ingester.

    The same resource group is granted to the user under both roles in a
    single provider_access call. The introspected token must carry one
    entry whose API set is the union of every consumer capability's APIs
    and the data ingester 'default' APIs from ../capabilities.json.
    """
    with open('../capabilities.json') as caps_file:
        caps = json.load(caps_file)
        consumer_caps = caps['rs.iudx.io']['consumer']
        all_caps = list(consumer_caps.keys())

        api_templates = set()
        for api_list in list(consumer_caps.values()):
            api_templates.update(api_list)
        api_templates.update(
            list(caps['rs.iudx.io']['data ingester']['default']))

        resource_id = (
            "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
            + rand_rsg())
        as_consumer = {
            "user_email": email,
            "user_role": 'consumer',
            "item_id": resource_id,
            "item_type": "resourcegroup",
            "capabilities": all_caps,
        }
        as_ingester = {
            "user_email": email,
            "user_role": 'data ingester',
            "item_id": resource_id,
            "item_type": "resourcegroup",
        }
        grant = provider.provider_access([as_consumer, as_ingester])
        assert grant['success'] == True
        assert grant['status_code'] == 200

        issued = consumer.get_token({'request': [resource_id]})
        assert issued['success'] is True
        assert issued['status_code'] == 200

        token = issued['response']['token']
        introspected = resource_server.introspect_token(token)
        assert introspected['success'] is True
        assert introspected['status_code'] == 200

        # The configured API strings carry a placeholder for the group id;
        # fill it in before comparing with what the server returned.
        expected_apis = {
            template.replace('{{RESOURCE_GROUP_ID}}', resource_id)
            for template in api_templates
        }

        granted = introspected['response']['request']
        assert len(granted) == 1

        matched = False
        for entry in granted:
            assert entry['id'] == resource_id + '/*'
            if expected_apis == set(entry['apis']):
                matched = True

        assert matched is True
コード例 #8
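def test_revoked_rule():
    """Check that deleting an access rule invalidates tokens already issued.

    A token is issued and introspected successfully, the provider then
    deletes the access rule for the resource group, and the same token
    must be refused with status 403 on the next introspection.
    """
    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg())
    access_req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": ["complex", "subscription", "temporal"]
    }
    r = provider.provider_access([access_req])
    assert r['success'] is True
    assert r['status_code'] == 200

    r = consumer.get_token({'request': [resource_id]})
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200

    # Find the access rule that was just created so it can be deleted.
    # access_id starts at the -1 sentinel: without it, a missing rule made
    # the assertion below raise UnboundLocalError instead of failing cleanly.
    access_id = -1
    r = provider.get_provider_access()
    assert r['success'] is True
    assert r['status_code'] == 200
    for rule in r['response']:
        # Skip rules with a falsy 'item', as test_deleted_cap does, so they
        # are not subscripted.
        if rule['item'] and resource_id == rule['item']['cat_id']:
            access_id = rule['id']
            break

    assert access_id != -1
    r = provider.delete_rule([{'id': access_id}])
    assert r['success'] is True
    assert r['status_code'] == 200

    # Revocation must take effect for the token issued before the delete.
    r = resource_server.introspect_token(token)
    assert r['success'] is False
    assert r['status_code'] == 403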
コード例 #9
def test_rs_all_caps():
    """Check the API set of a consumer granted every resource-server capability.

    All capability names under caps['rs.iudx.io']['consumer'] in
    ../capabilities.json are granted on a fresh resource group. The
    introspected token must list exactly the union of their APIs, with
    the group id substituted for the '{{RESOURCE_GROUP_ID}}' placeholder.
    """
    with open('../capabilities.json') as caps_file:
        caps = json.load(caps_file)
        consumer_caps = caps['rs.iudx.io']['consumer']
        all_caps = list(consumer_caps.keys())

        api_templates = set()
        for api_list in list(consumer_caps.values()):
            api_templates.update(api_list)

        resource_id = (
            "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
            + rand_rsg())
        grant = provider.provider_access([{
            "user_email": email,
            "user_role": 'consumer',
            "item_id": resource_id,
            "item_type": "resourcegroup",
            "capabilities": all_caps,
        }])
        assert grant['success'] == True
        assert grant['status_code'] == 200

        expected_apis = {
            template.replace('{{RESOURCE_GROUP_ID}}', resource_id)
            for template in api_templates
        }

        issued = consumer.get_token({'request': [resource_id]})
        assert issued['success'] is True
        assert issued['status_code'] == 200

        token = issued['response']['token']
        introspected = resource_server.introspect_token(token)
        assert introspected['success'] is True
        assert introspected['status_code'] == 200

        granted = introspected['response']['request']
        assert len(granted) == 1
        assert granted[0]['id'] == resource_id + '/*'
        # Exact equality, so an extra API in the token fails the test too.
        assert set(granted[0]['apis']) == expected_apis
コード例 #10
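def test_introspect_audit():
    """Check introspection with a server token, then the provider audit log.

    Reads the module-level ``body``, ``TUPLE`` and ``num_tokens_before`` and
    stores the SHA-256 hex digest of the token in the module-level
    ``token_hash``. The test asserts that:

    * the issued token has three '/'-separated fields, the first being
      'auth.iudx.org.in', and expires in two hours;
    * introspection succeeds, repeatedly, when the matching server token
      is supplied, including with a request description;
    * introspection fails for a non-matching request, for an invalid server
      token, and when no server token is supplied;
    * the provider's audit report lists more tokens than before.
    """
    # Only token_hash is assigned here; the other three are read-only.
    global body
    global TUPLE
    global num_tokens_before
    global token_hash

    r = consumer.get_token(body)
    assert r['success'] is True
    access_token = r['response']
    assert access_token is not None
    assert access_token['expires-in'] == 60 * 60 * 2

    # A stray trailing comma used to wrap the token in a 1-tuple here, which
    # the TUPLE check then unwrapped; read the value directly instead.
    token = access_token['token']
    if type(token) == TUPLE:
        token = token[0]

    s = token.split("/")

    assert len(s) == 3
    assert s[0] == 'auth.iudx.org.in'

    server_token = access_token['server-token'][RS]
    if type(server_token) == TUPLE:
        server_token = server_token[0]

    assert resource_server.introspect_token(token,
                                            server_token)['success'] is True
    # Introspecting a second time must succeed as well.
    assert resource_server.introspect_token(token,
                                            server_token)['success'] is True

    resource = ("rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/" + RS +
                "/resource-xyz-yzz")

    # Introspect together with a description of the request being made.
    request = [{
        "id": resource,
        "apis": ["/latest"],
        "methods": ["GET"],
        "body": {
            "key": "some-key"
        }
    }]

    # Same resource, but a different API and method.
    bad_request = [{
        "id": resource,
        "apis": ["/latest-now"],
        "methods": ["POST"],
        "body": {
            "key": "some-key"
        }
    }]

    assert resource_server.introspect_token(token, server_token,
                                            request)['success'] is True

    # expect_failure() is defined elsewhere. Reset it in a finally block so
    # a failing assertion cannot leave it switched on for later tests.
    expect_failure(True)
    try:
        assert resource_server.introspect_token(
            token, server_token, bad_request)['success'] is False
        assert resource_server.introspect_token(
            token, 'invalid-token-012345678901234567')['success'] is False
        # Without a server token the call must be refused.
        assert resource_server.introspect_token(token)['success'] is False
    finally:
        expect_failure(False)

    r = provider.audit_tokens(5)
    assert r["success"] is True
    audit_report = r['response']
    as_provider = audit_report["as-provider"]
    num_tokens_after = len(as_provider)

    # The consumer's request must have added to the provider's audit trail.
    assert num_tokens_after > num_tokens_before

    token_hash = hashlib.sha256(token.encode('utf-8')).hexdigest()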
コード例 #11
def test_empty_token():
    """Check that a token consisting of one space is rejected with status 400."""
    outcome = resource_server.introspect_token(' ')
    assert outcome['success'] is False
    assert outcome['status_code'] == 400
コード例 #12
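def test_deleted_cap():
    """Check that deleting one capability removes its API from live tokens.

    Every consumer capability is granted on a fresh resource group and the
    token's API set is verified. The provider then deletes only the
    'subscription' capability from the rule. The same token must still
    introspect successfully, but the first subscription API must no longer
    be listed.
    """
    # Only the parsed data is needed; do not keep the file open across the
    # network calls below.
    with open('../capabilities.json') as f:
        caps = json.load(f)

    consumer_caps = caps['rs.iudx.io']['consumer']
    all_caps = list(consumer_caps.keys())
    api_templates = set()
    for api_list in consumer_caps.values():
        api_templates.update(api_list)

    resource_id = (
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs.iudx.io/"
        + rand_rsg())
    access_req = {
        "user_email": email,
        "user_role": 'consumer',
        "item_id": resource_id,
        "item_type": "resourcegroup",
        "capabilities": all_caps
    }
    r = provider.provider_access([access_req])
    assert r['success'] is True
    assert r['status_code'] == 200

    r = consumer.get_token({'request': [resource_id]})
    assert r['success'] is True
    assert r['status_code'] == 200

    token = r['response']['token']
    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200

    resp = r['response']

    # Configured API strings carry a group-id placeholder; substitute it
    # before comparing with the server's answer.
    all_apis = {
        template.replace('{{RESOURCE_GROUP_ID}}', resource_id)
        for template in api_templates
    }
    assert len(resp['request']) == 1
    assert resp['request'][0]['id'] == resource_id + '/*'
    assert set(resp['request'][0]['apis']) == all_apis

    # Find the access rule for this group, then delete only its
    # 'subscription' capability.
    access_id = -1
    r = provider.get_provider_access()
    assert r['success'] is True
    assert r['status_code'] == 200
    for rule in r['response']:
        if rule['item'] and resource_id == rule['item']['cat_id']:
            access_id = rule['id']
            break

    assert access_id != -1
    r = provider.delete_rule([{
        'id': access_id,
        'capabilities': ['subscription']
    }])
    assert r['success'] is True
    assert r['status_code'] == 200

    # Apply the same placeholder substitution used for all_apis above. The
    # raw configured string was compared before; if it contains the
    # placeholder it can never equal a returned API, so the final check
    # would pass even when the revoked API is still granted.
    subscription_api = consumer_caps['subscription'][0].replace(
        '{{RESOURCE_GROUP_ID}}', resource_id)
    # Guard against a vacuous check: the API must have been granted before.
    assert subscription_api in all_apis

    r = resource_server.introspect_token(token)
    assert r['success'] is True
    assert r['status_code'] == 200

    resp = r['response']

    assert len(resp['request']) == 1
    assert resp['request'][0]['id'] == resource_id + '/*'
    assert subscription_api not in set(resp['request'][0]['apis'])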
コード例 #13
# Fragment of a larger test: access_token, TUPLE, RS and resource_server are
# defined outside this excerpt.

# The original wrote this with a bare trailing comma, which builds a
# 1-tuple; the TUPLE check below then unwraps it again.
token = (access_token['token'],)

if type(token) == TUPLE:
    token = token[0]

fields = token.split("/")
s = fields

# The token must have three '/'-separated fields, issuer first.
assert len(fields) == 3
assert fields[0] == 'auth.iudx.org.in'

server_token = access_token['server-token'][RS]
if type(server_token) == TUPLE:
    server_token = server_token[0]

first_try = resource_server.introspect_token(token, server_token)
assert first_try['success'] is True
# A repeated introspection of the same token must succeed as well.
second_try = resource_server.introspect_token(token, server_token)
assert second_try['success'] is True

# Description of the request, for introspection with a request.
request = [{
    "id": ("rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/" + RS +
           "/resource-xyz-yzz"),
    "apis": ["/latest"],
    "methods": ["GET"],
    "body": {"key": "some-key"},
}]

bad_request = [{
コード例 #14
# Fragment of a larger test: access_token, TUPLE, RS, resource_server,
# provider and num_tokens_before are defined outside this excerpt.

# The original wrote this with a bare trailing comma, which builds a
# 1-tuple; the TUPLE check below then unwraps it again.
token = (access_token['token'],)

if type(token) == TUPLE:
    token = token[0]

fields = token.split("/")
s = fields

# The token must have three '/'-separated fields, issuer first.
assert len(fields) == 3
assert fields[0] == 'auth.iudx.org.in'

server_token = access_token['server-token'][RS]
if type(server_token) == TUPLE:
    server_token = server_token[0]

# With the matching server token, introspection succeeds, and does so again
# on a second call.
assert resource_server.introspect_token(token, server_token)['success'] == True
assert resource_server.introspect_token(token, server_token)['success'] == True

# An invalid server token, or none at all, must be refused.
assert resource_server.introspect_token(
    token, 'invalid-token-012345678901234567')['success'] == False
assert resource_server.introspect_token(token)['success'] == False

r = provider.audit_tokens(5)
assert r["success"] is True
audit_report = r['response']
as_provider = audit_report["as-provider"]
num_tokens_after = len(as_provider)

# The consumer's request must have added to the provider's audit trail.
assert num_tokens_after > num_tokens_before